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ABSTRACT 


The  protection  of  information  is  of  vital  importance  to  the  successful  operation  of 
both  the  Federal  Government  and  the  Department  of  the  Navy.  Attention  is  usually  given 
to  the  protection  of  classified  information.  The  Computer  Security  Act  mandates  that  not 
only  classified,  but  sensitive  information  be  protected  in  accordance  with  the  Privacy  Act. 
The  increasing  reliance  on  networks  makes  this  a  challenging  problem  to  overcome. 

The  focus  of  this  thesis  is  to  examine  the  capabilities,  effectiveness,  and  limitations 
of  the  DES,  LOKI,  and  IDEA  cryptosystems  for  use  in  the  PC  environment.  It  analyzes 
the  use  of  these  cryptosystems  for  network  voice  encryption.  Further,  this  thesis 
examines  the  function  and  security  of  these  cryptosystems  and  examines  possibilities  for 
implementation  in  a  Naval  Postgraduate  School  PC  network. 

Experimental  results  on  the  speed  and  efficiency  of  two  of  the  cryptosystems  are 
presented  to  show  their  relative  strengths  and  weaknesses.  A  recommendation  is  made  as 
to  the  appropriate  cryptosystem  to  be  used  in  a  network  implementation.  Further 
recommendations  are  given  on  the  type  of  computer  networking  architecture  and  the  type 
of  network  encryption  to  use. 
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I.  INTRODUCTION 


A.  PURPOSE 

The  information  age  has  brought  an  increasing  reliance  on  computers, 
communications,  and  the  networks  that  support  them.  With  the  increasing  reliance  on 
computer  and  communications  networks,  the  need  for  security  tools  to  protect  the 
information  carried  on  these  networks  becomes  evident.  The  Department  of  Defense 
(DoD)  and  the  Department  of  the  Navy  (DoN)  have  special  concerns  in  the  information 
security  arena.  Both  DoD  and  DoN  have  not  only  large  volumes  of  classified  information 
but  large  volumes  of  sensitive  information  which  must  be  protected  as  well. 

As  the  available  bandwidth  increases  in  the  ever  evolving  networks,  many  different 
types  of  applications  are  being  used.  Video  and  audio  in  network  applications  are 
becoming  more  and  more  common.  This  thesis  looks  specifically  at  network  voice 
applications  and  software  encryption  methods  for  protecting  that  information.  The  intent 
is  to  present  an  overview  of  three  of  the  current  cryptosystems  and  give  possible  solutions 
for  using  one  of  those  cryptosystems  in  an  encrypted  voice  PC  network. 

B.  OBJECTIVES 

This  thesis  examines  the  capabilities,  effectiveness,  and  limitations  of  LOKI,  DES 
and  IDEA  cr5T)tosystems  for  use  in  the  PC  environment.  In  particular  it  analyzes  the  use 
of  these  cryptosystems  for  network  voice  file  encryption.  The  paper  begins  with  a 
thorough  review  of  the  background  concepts  of  encryption  and  networking.  Included  in 
the  background  information  are  the  basic  concepts  of  cryptography  and  an  introduction  to 
the  three  cryptosystems  studied  in  this  thesis.  The  background  information  also  covers  a 
comprehensive  overview  of  networking,  including  a  description  of  the  two  major 
networking  architectures. 

Following  the  background  information,  the  thesis  provides  a  detailed  analysis  of  the 
DES,  LOKI  and  IDEA  encryption  algorithms.  Both  the  function  and  block  diagram  of 
each  algorithm  is  presented.  A  brief  examination  of  the  current  state  of  cryptanalysis  is 
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presented  for  the  three  algorithms.  The  various  modes  of  operation  of  the  cryptosystems 
are  presented  as  well. 

A  thorough  understanding  of  the  background  material  is  necessary  to  make  a 
proposal  for  implementation  in  a  PC  network.  Considerable  research  has  been  done 
involving  the  increasing  use  of  computer  networks.  Computer  security  is  still  one  of  the 
weak  areas  of  both  industry  and  DoD.  This  thesis  addresses  the  networking  issue  from  the 
standpoint  of  PC  voice  implementation  and  the  security  issue  from  the  standpoint  of 
encrypting  that  voice  traffic. 

Following  the  presentation  of  the  DES,  LOKI  and  IDEA  cryptosystems, 
experimental  results  using  these  cryptosystems  are  provided.  A  proposal  for 
implementing  an  encrypted  voice  PC  network  will  also  be  provided.  It  is  hoped  that 
further  research  will  be  devoted  to  expanding  the  implementation  portion  of  this  thesis. 

C.  RESEARCH  QUESTIONS 

1.  Primary  Research  Question 

♦  What  are  the  capabilities,  effectiveness,  and  limitations  of  LOKI,  Data 
Encryption  Standard  (DES)  and  International  Data  Encryption  Algorithm 
(IDEA)  cryptosystems? 

2.  Secondary  Research  Questions 

♦  What  are  the  major  areas  of  concern  of  encryption  in  network 
configuration? 

♦  What  are  the  possibilities  for  implementing  an  encrypted  PC  voice 
network  in  a  Naval  Postgraduate  School? 

D.  SCOPE  OF  THE  THESIS 

This  thesis  studies  the  strengths  and  weaknesses  of  the  DES,  LOKI,  and  IDEA 
cryptosystems.  Research  was  conducted  on  the  functional  workings  of  these 
cryptosystems,  and  the  relative  strengths  and  weaknesses  of  each.  Further,  this  thesis 
investigates  the  requirements  for  implementing  one  of  these  cryptosystems  in  a  PC 
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network.  In  making  a  proposal  for  implementation,  research  was  directed  toward  finding 
low-cost  options  for  implementing  the  network. 

E.  LITERATURE  REVIEW  AND  RESEARCH  METHODOLOGY 

The  overall  research  is  a  review  of  archival-based  publications,  reports,  and  studies 
on  this  subject.  There  was  significant  use  of  the  Internet  to  obtain  the  collected 
documents  and  to  conduct  one-to-one  correspondence  with  experts  in  the  field. 

Networking  publications  were  studied  in  this  research  in  order  to  identify  common 
problem  areas  for  this  type  of  network  implementation.  In  addition  to  the  networking 
periodicals,  several  encryption  software  applications  readily  available  in  the  shareware  or 
public  domain  were  reviewed  in  order  to  identify  similar  problems  in  cryptography 
software  implementation.  Several  networking  applications  were  considered  to  determine 
a  possible  candidate  for  implementation. 

Several  experiments  were  performed  as  a  means  of  comparing  the  speed  and 
efficiency  of  software  enryption  programs.  In  all  of  the  experiments,  "wall  time"  was 
used  in  order  to  measure  the  speed.  The  programs  were  run  on  a  386/33mHz  EBM 
compatible  PC. 

F.  ORGANIZATION 

This  thesis  is  organized  in  five  chapters.  The  remainder  of  this  thesis  is  organized 
as  follows: 

♦  Chapter  II,  "Background,"  provides  a  general  background  on  networks 
and  encryption. 

♦  Chapter  III,  "DES,  IDEA,  and  LOKI  Cryptosystem  Descriptions,"  provides 
an  in-depth  look  at  the  functionality,  strengths,  and  weaknesses  of  these 
cryptosystems. 

♦  Chapter  IV,  "An  Implementation  Proposal,"  presents  experimental  results 
on  the  cryptosystems  and  provides  a  possible  low  cost  solution  for 
implementing  an  encrypted  voice  PC  network. 
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♦  Chapter  V,  "Conclusions,"  identifies  the  overall  conclusions  of  this 
research. 
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n.  BACKGROUND 


A.  INTRODUCTION 

The  protection  of  information  has  always  been  vital  to  the  successful  operation  of 
both  the  Federal  Government  and  the  Department  of  the  Navy.  Considerable  attention  is 
usually  given  to  the  protection  of  classified  information.  This  paper  will  review  software 
encryption  for  the  protection  of  information  which  is  unclassified  ,  but  which  may  be 
considered  sensitive.  The  Computer  Security  Act  (CSA)  gives  broad  definition  to  the 
term  "sensitive  information": 

...information  whose  loss,  misuse,  unauthorized  access  to,  or  modification  of 
could  adversely  affect  the  national  interest,  or  the  conduct  of  federal  programs,  or 
the  privacy  to  which  individuals  are  entitled  to  under  the  Privacy  Act  [Ref  23]. 

This  would  include  information  such  as  an  individuals  social  security  number  or 
other  personal  information.  The  CSA  also  requires  every  U.  S.  government  computer 
system  that  processes  such  sensitive  information  to  have  a  customized  security  plan.  This 
thesis  will  hopefully  give  some  insight  into  one  way  of  helping  to  protect  that  information, 
through  the  use  of  encryption  of  voice  traffic  on  a  PC  network. 

Any  study  of  network  encryption  must  begin  with  an  overview  of  the  practice  of, 
and  terminology  associated  with  cryptography,  as  well  as  an  overview  of  network  practice 
and  terminology.  The  focus  of  this  chapter  is  to  provide  the  relevant  background  material 
for  this  work.  Initially  this  chapter  will  provide  definitions  for  some  of  the  terminology  to 
be  used  in  this  paper.  Secondly,  a  review  of  the  basics  of  cryptography  will  be  provided. 
Finally,  a  review  of  basic  networking  and  network  encryption  principles  will  be 
discussed. 
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B.  DEFINITION  OF  RELEVANT  TERMS 


It  is  important  that  the  reader  have  a  clear  understanding  of  certain  key  terms  used 
throughout  this  paper.  The  key  terminology  listed  both  here  and  in  Appendix  D  is  used 
frequently  in  the  professional  realm  of  both  networking  and  cryptography.  The  key  terms 
are: 


♦  OSI  reference  model  -  A  set  of  international  standards  that  provides  a 
common  set  of  conventions  for  computer  communications  and 
networking.  The  OSI  reference  model  provides  a  framework  for  defining 
standards  for  linking  heterogeneous  computers.  The  model  was 
designed  to  make  each  layer  manageably  small,  but  not  have  so  many 
layers  as  to  become  burdensome.  The  layers  include:  physical,  data 
link,  network,  transport,  session,  presentation,  application  [Ref.  21]. 

♦  TCP/IP-  A  view  of  communication  that  uses  three  proxies,:  processes, 
hosts  and  networks.  These  three  concepts  yield  to  a  fundamental 
principle  of  the  TCP/IP  protocol  suite:  the  transfer  of  information  to  a 
process  can  be  accomplished  by  first  getting  it  to  the  host  in  which  the 
process  resides  and  then  getting  it  to  the  process  within  the  host  [Ref. 
21]. 


♦  Link-to-Link  Encryption-  Devices  connected  at  the  physical  layer 
encrypt  all  data  passing  through  them,  including  data,  routing 
information,  protocol  information,  etc.  Link-to-Link  is  the  simplest  way  to 
add  encryption  in  a  network  [Schneier,  p.178].  It  is  performed  by  the 
lowest  two  levels  in  the  OSI  stack.  The  lower  level  layers  are  the  most 
standardized  levels.  It  is  invisible  to  the  user.  The  messages  are  only 
encrypted  in  transit  and  are  plaintext  on  host  [Ref.  22]. 

♦  End-to-end  encryption-  Put  encryption  equipment  between  the  network 
layer  and  the  transport  layer.  The  encryption  device  must  understand 
the  data  according  to  the  protocols  up  to  layer  three  and  encrypt  only  the 
transport  data  units.  Performed  by  high  level  protocol  layers.  The  user 
must  initiate  the  encryption  process.  The  data  is  encrypted  throughout 
the  network  [Ref.  22]. 


♦  Keys-  All  modem  encryption  algorithms  use  a  key  which  can  take  one  of 
many  values  (a  large  number  is  best)  [Ref.  19]. 
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♦  Asymmetric  algorithms-  Algorithms  which  use  separate  encryption  and 
decryption  keys,  public-key  algorithms  are  examples  of  asymmetric 
algorithms  [Ref.  19]. 

♦  Symmetric  algorithms-  Algorithms  which  use  the  same  key  for 
encryption  and  decryption  [Ref.  19]. 

♦  Stream  ciphers-  Algorithms  which  encrypt  information  bit-by  bit  [Ref. 
19]. 

♦  Block  ciphers-  Algorithms  which  encrypt  information  in  groups  of  bits 
typically  64  bits  [Ref.  19]. 

C.  OVERVIEW  OF  CRYPTOGRAPHY 

Cryptography  is  the  science  and  art  of  keeping  messages  secure.  Messages  are 

encrypted  so  that  only  the  sender  and  the  intended  recipient  are  able  to  read  them.  These 
messages  may  occur  in  a  variety  of  forms:  written  text,  stored  as  files  on  floppies,  or  sent 
from  computer  to  computer  through  a  network.  The  general  strategy  behind  any 
cryptographic  algorithm  is  to  take  plaintext  P  put  it  through  an  encryption  function  E  and 
create  ciphertext  C  using  the  form: 

C=E(P) 

The  recipient  of  C  must  then  be  able  to  take  the  encrypted  message  and  using  a 
decryption  function  D  turn  C  back  into  P  using  the  form: 

P=D(C) 

Since  the  whole  point  of  encrypting  and  then  decrypting  a  message  is  to  recover  the 
original  plaintext,  the  following  identity  must  hold  true  : 

P=D(E(P)) 

Cryptographic  algorithms  are  the  mathematical  functions  used  to  carry  out 
encryption  and  decryption.  There  are  two  general  types  of  cryptographic  algorithms, 
symmetric  and  asymmetric.  Symmetric  algorithms  can  be  divided  into  two  different 
categories:  stream  ciphers  and  block  ciphers.  The  ciphers  discussed  in  this  paper.  Data 
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Encryption  Standard  (DES),  IDEA,  and  LOKI  are  all  examples  of  symmetric  block  cipher 
systems. 

Block  algorithms  achieve  their  cryptographic  effect  •  through  confusion  and 
substitution.  Confusion  hides  the  similarities  between  the  plaintext  and  the  ciphertext. 
This  is  most  commonly  done  through  substitution  [Ref  19].  In  substitution,  a  letter  or 
block  of  plaintext  is  replaced  with  a  different  letter  or  block  of  ciphertext.  Looking  for 
repetition  in  the  ciphertext  is  one  of  the  ways  to  "break"  an  encrypted  message.  Diffusion 
dissipates  the  redundancy  of  the  plaintext  by  spreading  it  over  the  ciphertext  [Ref  19]. 
Diffusion  is  most  commonly  done  through  the  use  of  permutation.  Algorithms  may  also 
use  more  complicated  methods,  some  of  which  will  be  described  later  in  this  thesis. 

The  Data  Enciyption  Standard  (DES)  is  a  block  cipher,  symmetric  key  cryptosystem 
incorporating  both  transposition  and  substitution.  The  algorithm  requires  a  64-bit  key 
(only  56-bits  are  actually  used).  DES  encrypts  data  in  64-bit  blocks,  taking  a  64-bit  block 
of  plaintext  and  converting  it  into  a  64-bit  ciphertext  block.  The  algorithm  uses  only 
standard  arithmetic  and  logical  operations  on  up  to  64-bit  numbers.  It  is  easily 
implemented  in  either  hardware  or  software. 

The  IDEA  algorithm  is  a  block  cipher,  symmetric  cryptosystem  incorporating  both 
confusion  and  substitution.  The  algorithm  uses  a  128-bit  key.  IDEA  encrypts  data  in 
64-bit  blocks,  taking  a  64-bit  block  of  plaintext,  breaking  it  up  into  4,  16-bit  blocks  to 
employ  the  algorithm.  The  design  philosophy  behind  the  algorithm  is  one  of  mixing 
operations  from  different  algebraic  groups  [Ref  19].  The  algorithm  is  easily 
implemented  on  16-bit  processors. 

The  LOKI  algorithm  is  a  block  cipher,  symmetric  cryptosystem  which  operates  very 
similarly  to  DES.  The  algorithm  uses  a  64-bit  key.  LOKI  encrypts  data  in  64-bit  blocks, 
taking  a  64-bit  block  of  plaintext,  breaking  it  up  into  2,  32-bit  blocks  to  employ  the 
algorithm.  LOKI  uses  many  of  the  same  arithmetic  and  logical  operators  as  DES,  except 
unlike  DES  there  is  no  initial  permutation,  the  data  block  is  first  XORed  with  the  key. 
Like  DES,  the  algorithm  is  relatively  easy  to  implement  in  software. 
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The  relative  merits  of  symmetric  algorithms  versus  asymmetric  algorithms  can  be 
debated  ad  nauseam.  However,  there  are  certain  factors  which  must  be  taken  into 
consideration.  The  implementation  of  the  encryption  algorithm  can  be  in  either  hardware 
or  software.  This  paper  will  look  at  implementing  the  algorithm  in  software.  Software 
implementation  requires  speed  to  be  a  prime  factor  when  considering  an  encryption 
schema.  A  disadvantage  of  using  asymmetric  algorithms  is  speed,  therefore  symmetric 
algorithms  were  used  [Ref  9].  Key  distribution  is  another  important  factor  when 
considering  the  choice  of  a  cryptosystem.  Symmetric  key  algorithms  require  both  users  to 
share  and  maintain  the  secrecy  of  the  key.  Asymmetric  key  algorithms  have  the 
advantage  of  each  user  being  responsible  for  his  own  key,  however  key  distribution  of  the 
public  key  is  still  an  issue. 

Cryptanalysis  is  the  attempt  to  "break”  a  cryptosystem.  All  cryptosystems  have 
certain  properties  which  they  must  satisfy.  Cryptosystems  which  have  not  been  subjected 
to  cryptanalysis  should  be  viewed  with  skepticism.  The  security  of  symmetric 
cryptosystems,  such  as  the  ones  reviewed  in  this  work,  is  a  function  of  two  things:  the 
strength  of  the  algorithm  and  the  length  of  the  key  [Ref  19]. 

The  latter  is  easier  to  demonstrate....  Assume  that  the  strength  of  the  algorithm 
is  perfect.... By  perfect,  I  mean  that  there  is  no  better  way  to  break  the  cryptosystem 
other  than  to  try  every  possible  key;  this  is  called  a  brute-force  attack  [or  exhaustive 
key  search].  If  the  key  is  8  bits  long,  then  there  are  2®=256  possible  keys.  Therefore 
it  will  take  256  attempts  to  find  the  correct  key,  with  an  expected  number  of 
attempts  of  128.  If  the  key  is  56  bits  long,  then  there  are  2^®  possible  keys. 
Assuming  a  supercomputer  can  try  a  million  keys  a  second,  it  will  take  2000  years 
to  find  the  correct  key.  [Ref  19] 

Properties  which  all  cryptosystems  should  exhibit  are: 

♦  The  security  of  the  cryptosystem  rests  with  the  secrecy  of  the  key  rather 
than  with  the  supposed  secrecy  of  the  algorithm  [Ref.  19]. 

♦  A  strong  cryptosystem  has  a  large  keyspace  [Ref.  19]. 
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♦  A  strong  cryptosystem  will  produce  ciphertext  which  appears  random  to 
all  standard  statistical  tests  [Ref.  9]. 

♦  A  strong  cryptosystem  will  resist  all  known  previous  attacks  [Ref.  9]. 

Ciyptosystems  which  meet  the  above  tests  are  not  guaranteed  to  be  secure.  Time 
is  the  true  test  of  a  good  cryptosystem.  This  paper  will  review  the  status  of  cryptanalysis 
of  IDEA,  DES,  and  LOKI  cryptosystems. 

D.  OVERVIEW  OF  NETWORKS 

Communications  techniques  cover  a  full  spectrum  of  systems  from  sending  a  letter 
through  the  Postal  Service  to  information  exchange  of  complex  client-server  nodes 
networks.  In  its  simplest  form,  information  communication  takes  place  between  two 
devices  that  are  directly  cormected  by  some  form  of  transmission  channel.  Often, 
however  it  is  impractical  for  two  devices  to  be  directly  cormected  [Ref  21].  More  and 
more,  communications  and  computers  are  merging  into  one  entity  via  the  cormection  of 
networks.  In  the  advent  of  this  fact,  several  key  factors  have  emerged: 

♦  There  is  no  fundamental  difference  between  data  processing 
(computers)  and  data  communications  (transmission  and  switching 
equipment)  [Ref.  21]. 

♦  There  are  no  fundamental  differences  among  data,  voice,  and  video 
communications  via  digital  techniques  [Ref.  21]. 

♦  The  lines  between  single-processor  computer,  multi-processor 
computer,  local  network,  metropolitan  network,  and  long-haul  network 
have  blurred.  [Ref.  21] 

Network  communications  have  developed  into  an  indispensable  tool  both  in 
industry  and  DoD.  There  are  numerous  type  of  communications  and  computer  networks 
to  deal  with.  There  are  some  things  however  that  all  networks  have  in  common  in  order 
to  communicate  with  each  other.  In  discussing  computer  commimications  and  computer 
networks,  two  concepts  are  paramoimt:  protocols,  which  are  conventions  for  the 
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exchange  of  data  between  two  entities,  and  computer-communications  architecture,  the 
collection  of  modules  that  implements  the  communications  functions  [Ref  21], 

1.  Protocols 

Most  systems  are  implemented  with  layered  protocol  architecture  such  as  OSI  or 
TCP/IP  [Ref  3]  The  key  elements  of  a  protocol  are: 

♦  Syntax:  includes  such  things  as  data  format,  coding,  and  signal  levels 
[Ref.  21], 

♦  Timing;  includes  speed  matching  and  sequencing  [Ref.  21], 

♦  Semantics:  includes  control  information  for  coordination  and  error 
handling  [Ref.  21]. 

Along  with  these  key  elements,  there  are  several  important  characteristics  of 
protocols: 

♦  Direct/indirect  [Ref.  21]. 

♦  Monolithic/structured  [Ref.  21]. 

♦  Symmetric/asymmetric  [Ref.  21]. 

♦  Standard/nonstandard  [Ref.  21]. 

Communications  between  two  points  may  be  either  direct  or  indirect.  If  the  two 
points  share  a  direct  link  then  they  communicate  directly.  It  is  of  course  possible  for  there 
to  be  more  than  two  pints  in  the  communications  link  and  still  have  direct 
communications.  If  a  pair  of  communicating  devices  go  through  some  kind  of  arbitrated 
or  third  party  in  order  to  communicate  then  that  is  an  indirect  link 

A  monolithic  protocol  is  one  in  which  all  of  the  elements  of  a  single  protocol  are 
reflected  in  all  communicating  devices.  This  makes  communicating  difficult  if  not 
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impossible  for  networks  with  differing  monolithic  protocols.  All  of  the  processes  must 
have  the  protocol  logic  as  well. 

...Consider  an  electronic  mail  package  running  on  two  computers  connected 
by  a  synchronous  HDLC  link.  To  be  truly  monolithic,  the  package  would  need  to 
include  all  of  the  HDLC  logic.  If  the  connection  were  over  a  packet-switched 
network,  the  package  would  still  need  the  HDLC  logic  (or  some  equivalent)  to 
attach  to  the  network  [Ref  21]. 

Structured  protocols  are  a  result  of  structured  design  and  implementation  principles 
[Ref  21].  In  order  to  reduce  the  complexities  which  would  be  involved  with  a  monolithic 
protocol,  protocols  can  be  layered.  Instead  of  a  single  protocol,  the  protocols  can  be 
arranged  in  a  hierarchical  structure  [Ref  21]. 

Lower-level,  more  primitive  functions  are  implemented  in  lower-level  entities  that 
provide  services  to  higher-level  entities.  For  example,  there  could  be  an  HDLC  module 
(entity)  that  is  invoked  by  an  electronic  mail  facility  when  needed  [Ref  21]. 

Symmetry  and  asymmetry  involve  the  level  at  which  the  communication  is  being 
carried  out.  Communications  which  are  between  similar  elements,  i.e.  two  user  PC's  on  a 
network,  are  symmetric. 

Asymmetry  may  be  dictated  by  the  logic  of  the  exchange  (e.g.,  a  "user"  and  a 
"server"  process),  or  by  the  desire  to  keep  one  of  the  entities  or  systems  as  simple  as 
possible.  An  example  would  be  the  normal  response  mode  of  HDLC  [Ref  21]. 

Standard  protocols  refer  to  protocols  which  have  applicability  over  a  wide  range  of 
platforms.  Standard  protocols  have  usually  been  adopted  by  some  type  of  organizing 
body,  and  generally  have  wide  acceptance  both  on  the  part  of  industry  and  users. 
Non-standard  protocols  exist  as  "stovepipe"  systems.  They  are  generally  designed  for 
specific  applications  and  for  specific  platforms.  Both  industry  and  DoD  have  moved 
away  from  non-standard  protocols  because  of  the  expense  involved  and  the  lack  of 
portability  with  other  non-standard  systems. 
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2.  Computer  Networking  Architecture 

It  is  possible  to  look  at  the  computer  architecture  as  a  structured  collection  of 
protocols  which  facilitate  the  exchange  of  data  over  a  computer  or  communications 
network.  It  is  a  set  of  policies  which  will  lead  to  better  overall  connectivity  [Ref  20], 
OSI,  TCP/IP,  and  SNA  are  all  examples  of  computer  architectures.  This  paper  will 
review  the  basic  functions  of  the  OSI,  and  TCP/IP  architecture. 

a.  OSI  Architecture 

The  Open  Systems  Interconnection  (OSI)  model  is  a  set  of  international 
standards  that  provides  a  common  set  of  forms  for  computer  communications  and 
networking.  The  OSI  reference  model  provides  a  framework  for  defining  standards  for 
linking  heterogeneous  computers.  The  model  was  designed  to  make  each  layer 
manageably  small,  but  not  have  so  many  layers  as  to  become  burdensome  [Ref  21].  The 
layers  include:  physical,  data  link,  network,  transport,  session,  presentation,  application. 
The  strength  of  the  OSI  is  that  it  is  specifically  designed  for  heterogeneous 
communications.  The  protocol  layers  commimicate  on  a  peer-to-peer  basis,  making  the 
communications  issues  less  complex  by  breaking  them  up  into  functional  imits. 

Each  of  the  seven  layers  of  the  OSI  model  has  a  specific  task  to  perform  in  the 
architecture.  From  top  to  bottom  the  functions  of  the  layers  are: 

♦  Applicsation  -  contains  management  functions  and  generally  useful 
mechanisms  to  support  distributed  applications.  Examples  are  file 
transfer  and  electronic  mail  [Ref.  21]. 

♦  Presentation  -  concerned  with  data  transformation,  data  formatting  and 
data  syntax.  Allows  an  application  to  correctly  interpret  the  data  being 
transferred  [Ref.  1 0]. 

♦  Session  -  provides  the  mechanism  for  controlling  the  dialogue  between 
applications  in  end  systems  [Ref.  21]. 


13 


♦  Transport  -  provides  a  reliable  mechanism  for  the  exchange  of  data 
between  processes  in  different  systems,  it  ensures  that  data  units  are 
delivered  error-free,  in  sequence,  with  no  losses  or  duplications  [Ref. 
21]. 

♦  Network  -  moves  data  through  the  network,  carries  out  the  functions  of 
switching  and  routing,  sequencing,  logical  channel  control,  flow  control, 
and  error  recovery  network  wide  [Ref.  1 0], 

♦  Data  link  -  provides  services  for  reliable  interchange  of  data  across  a 
data  link  established  by  the  physical  layer.  The  data  link  layer  manages 
the  establishment,  maintenance,  and  the  release  of  data  link 
connections  [Ref.  10]. 

♦  Physical  -  Provides  the  physical  connectivity  between  two  end  users 
[Ref.  11]. 

In  the  OSI  model  all  of  the  layers  commimicate  with  their  peer  through  the 
physical  layer.  For  example,  assume  two  systems  A  and  B  both  use  the  OSI  model.  If  the 
two  systems  are  communicating  using  an  application  level  function  then  the  systems  will 
establish  peer  to  peer  relationships  at  that  level  [Ref  21].  The  relationship  is  conducted 
down  through  the  layers  of  each  individual  system  to  the  physical  layer  where  the  actual 
data  bits  are  transferred,  as  depicted  in  Figure  2.1. 

b.  TCP/IP  Architecture 

The  other  major  architecture  is  the  Transfer  Control  Protocol/Intemet  Protocol 
(TCP/IP).  TCP/IP  is  an  outgrowth  from  development  begun  by  ARPA  for  ARPANET  and 
the  Defense  Data  Network  [Ref  21].  TCP/IP  has  much  more  extensive  implementation 
than  OSI  due  primarily  to  its  use  by  DoD  [Ref  20].  Like  OSI,  TCP/IP  breaks  up 
communication  tasks  into  smaller  more  manageable  subsections. 

The  objection  sometimes  raised  by  the  designers  of  the  TCP/IP  protocol  suite 
and  its  protocols  is  that  the  OSI  model  is  prescriptive  rather  than  descriptive.  It 
dictates  that  protocols  within  a  given  layer  perform  certain  functions.  This  may  not 
always  be  desirable.  It  is  possible  to  define  more  than  one  protocol  at  a  given  layer, 
and  the  functionality  of  those  protocols  may  not  be  the  same  or  even  similar  [Ref 
21]. 
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TCP/IP  relies  on  three  factors  to  carry  out  successful  communications; 
processes,  hosts,  and  networks.  Processes  are  the  basic  entities  that  communicate.  The 
processes  run  on  hosts.  Communication  between  processes  takes  place  over  networks 
which  contain  hosts  [Ref  21], 

The  individual  networks  in  a  TCP/IP  system  are  usually  referred  to  as 
subnetworks  [Ref  21].  The  IP  portion  of  the  protocol  is  implemented  in  both  the 
individual  systems  or  subnetworks  and  the  routers,  while  TCP  is  implemented  only  on  the 
individual  systems.  Every  object  must  have  a  unique  identifying  address. 

Actually,  two  levels  of  addressing  are  needed.  Each  host  on  a  subnetwork 
must  have  a  imique  global  internet  address;  this  allows  the  data  to  be  delivered  to 
the  proper  host.  Each  process  with  a  host  must  have  an  address  that  is  unique 
within  the  host;  this  allows  the  host-to-host  protocol  (TCP)  to  deliver  data  to  the 
proper  process.  These  later  addresses  are  known  as  ports  [Ref  21], 

TCP/IP  is  generally  describe  as  having  four  layers:  network  access  layer  protocol 
(NAP),  internet  layer,  host-to-host  layer,  and  the  process  layer  [Ref  21].  The  network 
access  layer  provides  information  which  allows  access  to  the  network.  The  internet  layer 
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allows  communications  to  occur  between  multiple  networks.  The  host-to-host  allows 
process  on  different  hosts  to  communicate.  The  process  layer  allows  resource  sharing  and 
remote  access  [Ref.  21], 

To  look  at  a  simple  example  ,  assume  that  a  process  is  associated  with  host  X 
port  1.  X  intends  to  give  the  message  to  a  process  on  host  Y  port  2.  The  process  on  X 
sends  the  message  to  TCP  with  the  instructions  to  send  the  message  on  to  Y  port  2.  TCP 
then  gives  the  message  to  IP  with  the  instruction  to  send  the  message  to  host  Y.  IP  is  not 
concerned  with  the  port  address,  only  the  host  address.  The  message  is  then  sent  to  the 
NAP,  where  a  packet  header  is  appended  to  the  information.  The  packet  header  contains 
further  instructions  to  be  sent  to  the  router.  At  the  router  the  packet  header  is  removed 
and  the  IP  header  is  examined  [Ref  21].  The  IP  module  in  the  router  sends  the  datagram 
to  Y.  The  message  is  again  given  NAP  header  information.  When  the  data  arrives  at  Y, 
information  is  stripped  off  in  reverse  until  the  destination  is  reached.  An  example  of  the 
TCP/IP  architecture  is  depicted  in  Figure  2.2. 
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3.  Network  Encryption 

Encryption  in  the  network  environment  usually  assumes  one  of  two  forms,  link 
encryption,  or  end-to-end  encryption.  There  are  strong  points  and  weak  points  for  both. 
The  decision  on  which  form  to  use  must  be  based  on  the  security  requirements  of  the 
organization  and  the  information.  Network  information  is  inherently  difficult  to  protect 
[Ref  22].  An  intruder  can  access  information  in  a  variety  of  ways.  Network  traffic 
analysis  is  very  difficult  to  detect  and  even  more  difficult  to  prevent.  Encryption  is  one 
way  of  protecting  the  network  data. 

a.  Link  Encryption 

In  link  encryption  all  devices  on  the  network  are  enabled  with  encryption 
capabilities.  Devices  connected  at  the  physical  layer  encrypt  all  data  passing  through 
them,  including  data,  routing  information,  protocol  information,  etc.  The  major  strength 
of  such  a  schema  is  that  the  information  traveling  over  the  network  is  extremely  secure. 
Not  only  is  the  data  itself  encrypted,  but  the  header  information  is  encrypted  as  well.  This 
points  to  one  of  the  major  drawbacks  of  link  encryption,  which  is  that  the  message  must 
be  decrypted  whenever  a  packet  reaches  a  switching  point.  The  encrypted  header  and 
addressing  information  makes  traffic  flow  analysis  more  difficult.  Key  management  in 
link-to-link  encryption  can  become  a  problem  [Ref  22].  Each  device  in  the  link  must 
have  the  key  for  the  data  packet.  This  raises  a  serious  problem  with  user  authentication. 

A  graphic  depiction  of  link  encryption  is  shown  in  Figure  2.3. 


Figure  2.3  Link  encryption  [Ref.  22] 
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b.  End-to-End  Encryption 

End-to-end  encryption  involves  encrypting  only  the  user  data.  The  headers  and 
addressing  scheme  are  in  the  clear.  The  source  user  will  encrypt  the  data.  The  encrypted 
data  will  be  transmitted  unchanged  through  the  network  to  the  destination.  The  end  user 
will  then  decrypt  the  data.  The  obvious  problem  with  this  type  of  encryption  is  that  there 
is  no  protection  of  the  traffic  flow  information.  One  advantage  that  end-to-end  encryption 
has,  is  that  only  the  two  end  users  share  the  key,  reducing  the  authentication  problem.  In 
relating  the  end-to-end  encryption  to  a  communications  architecture,  end-to-end 
encryption  occurs  at  higher  levels.  For  instance  in  the  OSI  architecture,  encryption  may 
be  placed  at  the  application  layer.  A  graphic  depiction  of  end-to-end  encryption  is  shown 
in  Figure  2.4. 


Figure  2.4  End-to-end  encryption  [Ref.  22] 
E.  SUMMARY 


This  chapter  has  presented  an  overview  of  the  practice  of  and  terminology 
associated  with  cryptography,  as  well  as  an  overview  of  network  practice  and 
terminology.  The  chapter  began  by  defining  some  of  the  basic  terminology  associated 
with  networking  and  encryption.  Next  it  described  the  basics  of  cryptography  and  gave  a 
brief  description  of  the  three  algorithms  to  be  covered  in  this  paper,  DES,  IDEA,  and 
LOKI.  Then  it  described  the  basics  of  networking  and  presented  the  two  major  network 
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architectures,  TCP/IP  and  OSI.  Finally,  an  introduction  of  the  two  major  types  of  network 
encryption  was  presented. 
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in.  DES,  IDEA,  AND  LOKI  CRYPTOSYSTEM  DESCRIPTIONS 


A.  DES  ALGORITHM 

The  Data  Encryption  Standard  (DES)  is  a  block  cipher,  symmetric  cryptosystem 
incorporating  both  transposition  and  substitution.  DES  is  a  derivative  of  the  LUCIFER 
cipher  developed  by  IBM  in  the  early  1970's  [Ref  19],  DES  was  adopted  as  a  federal 
standard  in  1976  and  the  algorithm  was  recertified  for  use  in  1992.  The  algorithm  uses  a 
64-bit  key  (only  56-bits  are  actually  used).  DES  encrypts  data  in  64-bit  blocks,  taking  a 
64-bit  block  of  plaintext  and  converting  it  into  a  64-bit  ciphertext  block.  There  are  two 
basic  functions  carried  out  in  the  DES  algorithm,  substitution  and  transposition.  The 
algorithm  uses  only  standard  arithmetic  and  logical  operations  on  numbers  of  at  most 
64-bits  and  is  easily  implemented  in  either  hardware  or  software  [Ref  19].  There  are 
four  modes  of  operation  for  the  DES  specified  in  FIPS  PUB  81:  Cipher  Block  Chaining 
(CBC),  Electronic  Codebook  (ECB),  Output  Feedback  (OFB),  and  Cipher  Feedback 
(CFB)  [Ref  15].  Because  it  is  the  most  often  used  mode,  this  paper  will  detail  the  ECB 
mode  of  operation  and  describe  the  differences  which  occur  in  the  other  three  modes  of 
operation. 

1.  ECB  Mode 

There  are  sixteen  rounds  of  operations  performed  on  the  text  following  an  initial 
permutation.  A  "round"  consists  of  one  or  more  mathematical  operations.  These 
operations  are  repeated  in  successive  "rounds"  in  any  most  cryptographic  algorithms.  An 
individual  round  of  the  DES  is  described  in  Figure  3.1.  In  the  initial  permutation; 

...  the  input  block  is  transposed  as  described  in  Table  3.1.  This  table ...  should 
be  read  left  to  right,  top  to  bottom.  For  example,  the  initial  permutation  transposes 
bit  1  to  bit  58,  bit  2  to  bit  50,  bit  3  to  bit  42,  etc.  The  initial  permutation  and  the 
corresponding  final  permutation  do  not  affect  DES's  security  [Ref  19]. 
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Figure  3.1  Initial  Permutation  and  Round  1  of  the  DES  [Ref.  19] 


Table  3.1  Initial  Permutation  [Ref.  19] 

Following  the  initial  permutation  the  64-bit  text  is  split  into  two  32-bit  halves,  a 
right  and  left  half  The  32-bit  right  half  is  expanded  into  48  bits  using  the  expansion 
permutation.  The  expansion  permutation  is  described  in  Table  3.2.  The  expansion 
permutation  has  two  purposes:  to  make  the  intermediate  halves  of  the  ciphertext 
comparable  in  size  to  the  key,  and  to  provide  a  longer  result  that  can  be  later  compressed 
[Ref  1 8].  Out  of  each  4-bit  block  the  first  and  fourth  bits  are  repeated,  while  the  second 
and  third  are  used  only  once. 
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Table  3.2  Expansion  Permutation 


The  64-bit  key  is  reduced  to  a  56-bit  key  by  disregarding  every  eighth  bit.  The  DES 
uses  a  different  48-bit  key  for  each  round. 

First,  the  56-bit  key  is  divided  into  two  28-bit  halves.  Then  the  halves  are 
shifted  left  by  either  one  or  two  digits,  depending  on  the  round.  After  being  shifted 
48  out  of  the  56  bits  are  selected.  Because  this  operation  permutes  the  order  of  the 
bits  as  well  as  selecting  a  subset  of  bits,  it  is  called  a  compression  permutation,  or 
the  permuted  choice.  This  operation  provides  a  subset  of  bits  the  same  size  as  the 
output  of  the  expansion  permutation  [Ref  19]. 

The  key  for  the  cycle  is  combined  by  an  XOR  function  with  the  expanded  right  half 
of  the  input.  The  output  is  then  sent  into  the  S-boxes. 

As  stated  earlier,  one  of  the  basic  functions  of  the  algorithm  is  substitution.  This 
substitution  occurs  in  the  S-boxes.  An  S-box  is  a  table  by  which  six  bits  of  data  are 
replaced  by  four  bits  of  data.  The  48-bit  output  of  the  compressed  key  XORed  with  the 
expanded  data  block  goes  into  the  S-box.  This  output  is  split  up  into  eight  6-bit  blocks. 
There  are  eight  total  S-Boxes  and  each  data  block  is  operated  on  by  a  different  S-box. 
The  input  bits  determine  the  entry  into  the  individual  S-box. 

Suppose  that  block  Bi  is  the  six  bits  blb2b3b4b5b6.  Bits  bl  and  b6,  taken 
together,  form  a  2-bit  binary  number  blb6,  having  a  decimal  value  from  0  to  3.  Call 
this  value  r.  Bits  b2,  b3,  b4,  and  b5  taken  together  form  a  4-bit  binary  number 
b2b3b4b5,  having  a  decimal  value  from  0  to  15.  Call  this  value  c.  The  substitutions 
from  the  S-boxes  transform  each  6-bit  block  Bi  into  a  4-bit  result  [Ref  18]. 
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The  heart  of  the  security  of  the  DES  rests  with  the  S-boxes.  The  other  operations  in 
the  DES  are  linear  in  nature,  while  the  S-boxes  are  nonlinear.  The  results  of  this 
substitution  phase  are  eight  4-bit  blocks,  which  are  recombined  into  a  single  32-bit  block 
[Ref  19], 

After  the  S-boxes  the  32-bit  data  block  is  permuted  with  a  straight  permutation. 
This  is  done  in  the  P-box.  The  P-box  is  described  in  Table  3.3.  In  the  permutation 
process  each  bit  of  input  is  matched  to  an  output  position.  The  output  of  the  P-box  is 
XORed  with  the  left  half  of  the  original  64-bit  input.  The  halves  are  switched  and  the 
process  begins  again. 


Bit 

1 

2 

3 

4 

5 

6 

7 

8 

Moves 

to 

2,48 

3 

4 

5.7 

6.8 

9 

10 

11,13 

Bit 

9 

10 

11 

12 

13 

14 

15 

16 

Moves 

to 

12,14 

15 

16 

17,19 

18,20 

21 

22 

23,25 

Bit 

17 

18 

19 

20 

21 

22 

23 

24 

Moves 

to 

24,26 

27 

28 

29,31 

30,32 

33 

34  : 

35,37 

Bit 

25 

26 

27 

28 

29 

30 

31 

32 

Moves 

to 

36,38 

39 

40 

41,43 

42,44 

45 

46 

47,1 

Table  3.3  Permutation  Box 


2.  Cipher  Block  Chaining 

The  ECB  mode  encrypts  each  64-bit  block  of  data  independently  of  other  64-bit 
block  of  data.  Given  the  same  key,  identical  plaintext  will  encrypt  the  same  way.  This 
greatly  increases  the  likelihood  of  a  successful  plaintext  attack.  One  way  of  overcoming 
this  problem  is  to  use  the  cipher  block  chaining  mode. 

In  the  cipher  block  chaining  mode  the  plaintext  is  XORed  with  the  previous  cipher 
text  before  encryption.  After  encryption  the  resulting  ciphertext  is  stored  in  a  feedback 
register  to  be  XORed  with  the  next  incoming  text  to  the  encryption  routine. 

Two  messages  that  are  the  same  will  still  encrypt  to  the  same  cipher  text.  This  can 
be  especially  dangerous  with  message  headers  where  the  header  information  is  always  the 
same.  In  order  to  prevent  this  CBC  uses  an  initializing  vector  (IV)  on  the  first  block  of 
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data.  The  IV  simply  makes  each  message  imique  to  reduce  the  likelihood  of  a  plaintext 
attack. 

3.  Output  and  Cipher  Feedback  Modes 

Both  EBC  and  CBC  modes  require  text  to  be  encrypted  in  64-bit  blocks  of  plaintext. 
With  output  feedback  (OFB)  and  cipher  feedback  (CFB)  plaintext  is  encrypted  in  units 
smaller  than  the  block  size.  For  example,  in  1-bit  CBC  data  is  encrypted  1  bit  at  a  time. 

A  block  algorithm  in  n-bit  CFB  mode  operates  on  a  queue  the  size  of  the  input 
block.  Initially  the  queue  is  filled  with  an  initializing  vector  as  in  CBC  mode.  The 
queue  is  encrypted,  and  the  left-most  n  bits  of  the  result  are  the  XORed  with  the 
first  n  bit  character  of  the  plaintext  to  become  the  first  n  bit  character  of  the 
ciphertext.  The  same  n  bits  are  also  moved  to  the  right-most  n  bit  positions  of  the 
queue,  and  all  the  other  bits  move  n  to  the  left.  The  n  left-most  bits  are  discarded. 
Then  the  next  character  is  encrypted  in  the  same  manner  [Ref  19]. 

In  the  OFB  mode  part  of  the  previous  output  is  put  into  the  right-most  positions  in 
the  queue.  Both  the  OFB  an  CFB  modes  use  an  initializing  vector. 

4.  Cryptanalysis  of  the  DES 

The  security  of  the  DES  has  been  an  issue  of  concern  since  it  was  first  established 
as  federal  standard  in  1976.  Of  primary  concern  is  the  key  length.  The  original  Lucifer 
cipher  supported  a  112-bit  key.  Many  cryptographers  feel  that  the  National  Security 
Agency  (NSA)  and  the  National  Bureau  of  Standards  (NBS),  now  National  Institute  of 
Standards  and  Technology  (NIST),  had  a  hand  in  reducing  the  key  length  to  56  bits  and 
installing  a  "trapdoor"  [Ref.  19],  Regardless  of  NSA's  input  into  the  development  of  the 
DES,  the  algorithm  has  proven  itself  to  be  a  very  secure  symmetric  key  algorithm.  There 
are  several  weaknesses  which  could  be  exploited. 

The  ever  increasing  power  and  speed  of  processors  makes  the  likelihood  of  an 
exhaustive  key  search  a  possibility.  With  a  56-bit  key  there  are  2^  possible  keys  to  try.  It 
is  estimated  that  a  massively  parallel  system  could  do  this  key  search  in  1  day,  however 
the  cost  of  such  an  operation  would  be  tremendous  [Ref  7]. 
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Because  of  the  way  the  key  is  used  at  the  beginning  of  each  round  some  keys  will 
remain  the  same  throughout  the  encryption  cycle.  These  keys  are  called  weak  keys.  If  the 
key  consists  of  all  O's  or  all  I’s  or  if  one  half  consists  of  entirely  I's  and  the  other  half 
entirely  O's  or  the  other  way  around,  then  the  result  is  a  weak  key.  There  are  also  pairs  of 
keys  which  will  encrypt  plaintext  into  the  same  ciphertext.  These  pairs  of  keys  are  called 
semi-weak  keys.  There  are  a  total  of  64  weak  or  semi-weak  keys  out  of  a  set  of 
72,057,594,037,927,936  possible  keys  [Ref  19].  This  is  a  relatively  small  and  avoidable 
subset  of  the  total  keyspace. 

B.  IDEA  ALGORITHM 

The  International  Data  Encryption  Algorithm  (IDEA)  is  a  block  cipher,  symmetric 
cryptosystem  incorporating  both  confusion  and  substitution.  The  algorithm  was 
introduced  by  Xuejia  Lai  and  James  Massey  in  1990.  The  algorithm  uses  a  128-bit  key. 
IDEA  encrypts  data  in  64-bit  blocks,  taking  a  64-bit  block  of  plaintext,  breaking  it  up  into 
4,  16-bit  blocks  to  employ  the  algorithm.  The  design  philosophy  behind  the  algorithm  is 
one  of  mixing  operations  from  different  algebraic  groups:  XOR,  addition  modulo  2*^ ,  and 
multiplication  modulo  2'®+l  [Ref  19].  These  operations  add  confusion  to  the  algorithm. 
There  are  eight  rounds  in  the  algorithm.  IDEA  operates  in  the  same  four  modes  as  DES, 
electronic  codebook,  cipher  block  chaining,  cipher  feedback,  and  output  feedback  modes. 
The  modes  carry  out  the  same  function  in  IDEA  as  they  do  in  DES.  IDEA  has  achieved 
wide  recognition  as  an  extremely  capable  cryptosystem. 

IDEA  is  one  of  a  number  of  conventional  encryption  algorithms  that  have 
been  proposed  in  recent  years  to  replace  DES.. ..In  terms  of  adoption,  IDEA  is  by  far 
the  most  successful  of  these  proposals.  For  example,  IDEA  is  included  in  PGP 
[Pretty  Good  Privacy  cryptosystem  developed  by  Phil  Zimmerman],  which  alone 
assures  widespread  use  of  the  algorithm  [Ref  22]. 

1.  Function 

Initially  a  64-bit  block  of  plaintext  is  taken  and  divided  into  four  16-bit  sub-blocks. 
The  128-bit  key  is  also  split  into  a  total  of  fifty-two  subkeys.  Generation  of  the  subkeys  is 
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a  relatively  simple  process  [Ref.  19],  The  first  six  subkeys  are  taken  directly  from  the 
key,  with  subkey  1  being  the  16  most  significant  bits,  subkey  2  being  the  16  next  most 
significant  bits,  until  subkey  6. 

...a  circular  left  shift  of  25  bit  positions  is  applied  to  the  key,  and  the  next 
eight  subkeys  are  extracted.  This  procedme  is  repeated  until  all  52  subkeys  are 
generated.... This  scheme  provides  an  effective  technique  for  varying  the  key  bits 
used  for  subkeys  in  the  eight  iterations.  Note  that  the  first  subkey  used  in  each 
roxmd  uses  a  different  set  of  bits  from  the  key  [Ref  22]. 

Each  of  the  eight  rounds  uses  six  16-bit  subkeys.  The  four  16-bit  sub-blocks  of 
text  are  combined  with  four  subkeys  using  addition  and  multiplication,  producing  four 
output  blocks.  This  is  the  initial  transform.  Between  each  round,  the  second  and  third 
sub-blocks  are  swapped  [Ref  19].  The  four  output  blocks  of  text  are  XORed  to  form  two 
16-bit  blocks  of  text.  The  two  blocks  of  text  are  then  input  into  the 
multiplication/addition  (mult/add)  box.  The  mult/add  box  adds  diffusion  to  the  algorithm. 

The  multiplication/addition  box  is  the  basic  building  block  of  the  algorithm. 
This  structure  takes  as  inputs  two  16-bit  values  derived  from  the  plaintext  and  two 
16-bit  sub-keys  derived  from  the  key  and  produces  two  16-bit  outputs.  An 
exhaustive  computer  check  has  determined  that  each  output  bit  of  the  first  round 
depends  on  every  bit  of  the  plaintext-derived  inputs  and  on  every  bit  of  the 
sub-keys.  This  particular  structure  is  repeated  eight  times  in  the  algorithm, 
providing  very  effective  diffusion.  Furthermore,  it  can  be  shown  that  this  structure 
uses  the  least  number  of  operations  (four)  required  to  achieve  complete  diffusion 
[Ref  22]. 

The  two  output  blocks  of  the  mult/add  box  are  XORed  with  the  four  output  blocks 
of  the  initial  transform.  The  second  and  third  output  blocks  are  swapped.  This  increases 
the  mixing  of  the  bits  being  processed  and  makes  the  algorithm  more  resistant  to 
differential  cryptanalysis.  These  four  output  blocks  serve  as  the  input  to  the  next  round. 

All  of  the  roimds  carry  out  the  same  functions,  however  after  the  eighth  round  there 
is  another  transform  carried  out.  The  transform  is  similar  to  the  initial  transform  in  the 
begiiming  of  the  algorithm.  The  second  and  third  sub-blocks  of  the  output  from  rormd 
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eight  are  swapped  again.  The  four  sub-blocks  are  then  added  and  multiplied,  just  as  in  the 
initial  transform,  to  produce  four  sub-blocks.  These  four  sub-blocks  are  then  put  together 
to  form  the  ciphertext.  An  individual  round  of  IDEA  is  described  in  Figure  3.2. 


Figure  3.2  An  individual  round  of  IDEA  [Ref.  22] 


2.  Cryptanalysis  of  IDEA 

IDEA  is  still  a  new  algorithm.  There  have  been  no  papers  published  on  the 
cryptanalysis  of  IDEA  [Ref  19].  There  are  elements  of  the  algorithm  which  give  it 
cryptographic  strength.  The  real  strength  of  the  algorithm  lies  in  the  key  size.  With  a  key 
length  of  128-bits  an  exhaustive  key  search  is  out  of  the  question  with  today's  technology. 
On  a  computer  capable  of  trying  a  million  keys  a  second,  it  would  take  10^^  years  to  find 
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the  key  [Ref.  19],  Numerous  organizations  are  certainly  cryptanalyzing  IDEA.  It 
currently  appears  to  be  secure  and  appears  to  be  more  secure  than  DES  [Ref  19]. 

C.  LOKI  ALGORITHM 

The  LOKI  algorithm  is  a  block  cipher,  symmetric  cryptosystem  which  operates  very 
similarly  to  DES.  LOKI  is  an  Australian  cryptosystem,  first  presented  in  1990.  Several 
problems  with  the  security  of  the  algorithm  were  discovered  and  the  algorithm  was 
redesigned.  The  initial  algorithm  was  renamed  LOKI89,  and  the  new  algorithm  was 
named  LOKI91.  LOKI  in  this  paper  refers  to  the  LOKI91  algorithm.  LOKI  encrypts  data 
in  64-bit  blocks,  taking  a  64-bit  block  of  plaintext,  breaking  it  up  into  two  32  bit  blocks  to 
employ  the  algorithm.  LOKI  uses  many  of  the  same  arithmetic  and  logical  operators  as 
DES.  Unlike  DES  there  is  no  initial  Permutation.  The  algorithm  uses  a  64-bit  key. 

1.  Function 

Initially  a  64-bit  block  of  plaintext  is  taken  and  divided  into  two  32-bit  sub-blocks. 
The  64-bit  key  is  also  split  into  two  32-bit  subkeys. 

The  key  schedule  is  responsible  for  deriving  the  subkeys.  In  each  round  i,  the 
subkey  Ki  is  the  current  left  half  of  the  key  .  On  odd  numbered  rounds  this  half  is 
then  rotated  12  bits  to  the  left.  On  even  numbered  rounds,  this  half  is  then  rotated 
13  bits  to  the  left,  and  the  key  halves  are  interchanged  [Ref  12]. 

In  each  round  there  are  three  operations  which  occur:  expansion  permutation, 
S-box,  which  has  the  same  function  as  the  S-box  in  the  DES,,  and  straight  permutation. 
These  three  operations  are  called  the  encryption  function.  The  expansion  permutation 
takes  a  32-bit  input  and  produces  a  48-bit  output.  The  output  from  the  expansion 
permutation  is  divided  into  four  sub-blocks  of  12  bits  each  and  serves  as  the  input  into  the 
four  S-boxes. 

The  S-boxes  in  the  LOKI  algorithm  perform  the  same  function  as  the  S-boxes  in  the 
DES.  The  S-boxes  add  confusion  to  the  cipher.  The  S-boxes  take  the  12-bit  output  from 
the  expansion  permutation  and  produce  an  8-bit  output.  The  8-bit  output  are  concatenated 
together  to  form  the  32-bit  output  of  the  S-boxes.  The  8-bit  output  from  S-box(4) 
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becomes  the  most  significant  byte  (bits  [31... 24]),  then  the  outputs  from  S-box(3) 
(bits[23...r6]),  S-box(2)  (bits[15...8]),  S-box(l)  (bits[7...0])  [Ref.  12]. 

The  output  of  the  S-boxes  is  sent  to  the  permutation  function.  Permutation  adds 
diffusion  to  the  algorithm. 

The  permutation  fimction  takes  the  32-bit  concatenated  outputs  from  the 
S-boxes,  and  distributes  them  over  all  the  inputs  for  the  next  round  via  a  regular 
wire  crossing  which  takes  bits  from  the  outputs  of  each  S-box  in  turn  [Ref  12]. 

The  32-bit  output  of  the  encryption  fimction  is  then  added  modulo  2  to  the  left 
32-bit  block  of  input  text.  The  two  input  block  halves  are  then  swapped.  This  process  is 
repeated  for  16  rounds  except  that  the  input  block  halves  are  not  swapped  in  the  last 
round.  After  the  last  round  the  output  blocks  are  concatenated  together  to  form  the  output 
block  [Ref  12].  The  first  two  rounds  of  LOKI  are  described  in  Figure  3.3. 

2.  Cryptanalysis  of  LOKI 

Of  the  three  algorithms  reviewed  in  this  paper  LOKI  is  probably  the  weakest 
cryptographically.  The  redesign  of  LOKI89  did  enhance  the  algorithm  significantly, 
however  there  are  still  several  weaknesses.  The  original  algorithm  was  susceptible  to 
differential  cryptanalysis  with  eleven  or  fewer  roimds  [Ref  2].  The  algorithm  also 
suffered  from  a  key  complementation  problem  which  reduces  the  exhaustive  key  search 
by  a  factor  of  256  [104,5 12,5 13] [Ref  19].  LOKI91  was  redesigned  with  the  following 
changes: 

♦  The  key  schedule  was  changed  to  swap  halves  after  every  second 
round  [Ref  12]. 

♦  The  subkey  generation  algorithm  was  changed  so  that  the  rotation  of  the 
left  subkey  alternated  between  12  and  13  bits  to  the  left  [Ref  19]. 

♦  The  initial  and  final  XOR  of  the  block  with  the  key  was  eliminated  [Ref 
19]. 

♦  The  S-box  function  was  altered  [Ref  12]. 
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P:  Permutation  box 
S:  Substitution  box 
E:  Expansion  permutation 
+:  XOR 

Rotate:  Rotation  of  the  key 
Figure  3.3  First  two  rounds  of  LOKl  [Ref.  19] 

The  redesigned  output  should  be  immune  to  differential  cryptanalysis  [Ref.  12]. 
The  exhaustive  key  search  is  reduced  by  a  factor  of  four,  due  to  a  weakness  in  the  key 
schedule  [Ref.  19].  There  is  a  new  version  of  LOKI  currently  being  developed  which 
should  eliminate  some  of  the  current  weaknesses.  At  present  LOKI  cannot  be  considered 
a  secure  cipher. 

D.  SUMMARY 

All  three  of  the  cryptosystems  presented  here,  DES,  IDEA,  and  LOKI,  have  their 
own  individual  strengths  and  weaknesses.  This  chapter  has  presented  a  detailed  analysis 
of  all  three  cryptosystems.  Table  3.4  gives  a  representation  of  some  features  of  the  major 
characteristics  of  each  of  the  three  cryptosystems  covered  in  this  chapter. 
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IDEA 

DES 

LOKI 

KEY  LENGTH 

128  Bits 

56  Bits 

64  Bits 

BLOCK  SIZE 

64  Bits 

64  Bits 

64  Bits 

ROUNDS 

9 

16 

16 

SUB-BLOCK  SIZE 

16  Bits 

32  Bits 

32  Bits 

VULNERABILITY 

LOW 

LOW 

HIGH 

Table  3.4  Cryptosystem  vulnerabilities 
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IV.  AN  IMPLEMENTATION  PROPOSAL 


A.  INTRODUCTION 

Encrypted  voice  communication  in  computer  networks  involves  four  phases.  The 
analog  voice  signal  is  digitized.  The  digitized  voice  data  is  then  encrypted  and  put  into 
packets.  The  packets  are  then  transmitted  over  the  network.  The  packets  are  received  and 
decrypted  at  the  other  end  [Ref  6]. 

In  order  to  establish  a  plan  for  implementing  encrypted  voice  traffic  over  a  PC 
network,  several  factors  must  be  considered.  Some  of  the  primary  factors  have  been 
discussed  in  this  paper.  The  main  factors  are;  whether  to  use  link  or  end-to-end 
encryption;  the  architecture  to  base  the  design  on,  OSI  or  TCP/IP;  and  the  encryption 
algorithm  to  be  used.  The  focus  of  this  chapter  will  be  to  make  recommendations  on  these 
key  factors,  which  should  assist  in  the  implementation  of  encrypted  voice  traffic  in  a  PC 
network.  Several  applications  exist  both  in  shareware  software  and  commercial  software 
which  can  aid  in  the  implementation. 

B.  ENCRYPTION  METHODOLOGY 

End-to-end  encryption  is  the  recommendation  for  the  encryption  methodology. 
End-to-end  encryption  relieves  some  of  the  key  management  problem  which  would 
become  extremely  troublesome  in  link  encryption.  The  encryption  scheme  can  be 
implemented  directly  at  the  application  layer  making  it  easier  to  implement  in  software, 
and  making  it  independent  of  the  type  of  communication  network  used  [Ref  19].  The 
user  information  remains  encrypted  from  point  of  origin  to  point  of  destination.  Link 
encryption  decrypts  the  entire  message  at  each  node  making  the  information  vulnerable  at 
these  points. 

C.  ARCHITECTURE 

The  architecture  should  utilize  the  Transmission  Control  Protocol/Intemet  Protocol 
Architecture  (TCP/IP).  The  architecture  provides  a  way  for  the  applications  to 
communicate  reliably  between  two  computers.  As  described  in  Chapter  II,  TCP/IP 
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incorporates  four  layers;  an  application  protocol,  the  transport  protocol,  the  internet 
protocol,  and  the  lower  level  protocol  needed  to  manage  the  physical  link.  The  user 
should  be  able  to  access  another  computer  on  the  network  simply  by  knowing  another  IP 
address.  The  routing  should  be  invisible  to  the  user. 

TCP/IP  is  a  "connectionless"  technology.  The  packet  information  is  transferred  as  a 
sequence  of  "datagrams."  Provisions  are  made  to  open  connections  (conversations  which 
will  continue  for  some  time).  The  datagrams  are  eventually  broken  up  and  treated  as 
separate  entities.  So  for  example  if  the  voice  transmission  is  a  25,000  byte  file,  the 
TCP/IP  protocol  may  break  it  up  into  50,  500  byte  datagrams.  The  datagrams  will  be 
transmitted  as  separate  entities  through  the  network  and  will  be  put  back  together  at  the 
other  end. 

The  recommendation  at  the  physical  layer  is  for  an  Ethernet  implementation. 
Ethernet  is  an  operational  local  network  designed  to  provide  cost-effective 
interconnection  for  a  large  number  of  heterogeneous  data  users.  At  the  data  link  level 
data  packets  (or  fi-ames)  are  transmitted  over  a  single  cable  by  means  of  a  multi-access 
contention  mechanism  [Ref  6]. 

D.  NETWORK  VOICE  APPLICATION 

A  shareware  product  called  "Internet  VoiceChat"  (IVC),  handles  internet  or  network 
voice  traffic.  IVC  was  created  by  Richard  Ahrens  at  the  University  of  Pennsylvania 
Wharton  School  [Ref  1].  The  IVC  application  is  useful  because  it  handles  all  networking 
tasks  of  the  voice  traffic.  IVC  requires  the  following:  Winsock  1.1,  a  Windows™ 
compatible  sound  card  with  microphone,  net  connectivity  (e.g.,  Ethernet),  and  a  386 
processor  or  better  CPU.  The  total  size  of  the  installed  software  is  189,322  bytes.  The 
source  code  for  the  product  is  reportedly  available  for  academic  institutions  to  use  for 
academic  research. 
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1.  Installation 

Installing  the  I  VC  product  is  a  relatively  easy  process.  After  running  the 
installation  program,  a  setup  screen  is  presented  as  displayed  in  Figure  4.1.  Several  of  the 
items  in  the  setup  screen  are  not  available  in  the  current  version  of  the  software.  The 
"Call  Screen  Timeout"  window  sets  the  interval  the  program  will  wait  before  it  defaults  to 
the  specified  option  when  the  "Call  Screen"  is  active.  The  two  "Call  Screen"  modes  are: 
"answering  machine,"  which  records  a  message  left  by  another  user;  and  "reject,"  which 
forces  the  call  to  be  disconnected. 

Two  directories  are  specified  in  the  setup  menu.  The  first  is  the  "message 
directory",  which  dictates  the  disk  location  to  store  the  recorded  messages.  The  second 
directory  is  the  "working  directory",  for  the  IVC  files.  It  is  recommended  by  the  vendor 
that  the  "working  directory"  be  a  RAM  disk  with  700k  free  space  [Ref  1]. 


Figure  4.1  IVC  setup  screen  [Ref.  1] 
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2.  Use 

To  initiate  a  call,  "VoiceChat"  is  selected  in  the  "Mode"  box.  The  remote  IP 
address  of  the  individual  to  be  called  is  entered  into  the  "Dial"  field.  Once  the  call  button 
is  pressed  the  menu  will  indicate  that  the  user  is  attempting  to  be  contacted.  After  the  two 
parties  are  connected  the  record  and  stop  buttons  on  the  menu  will  light  up.  The  program 
uses  a  traffic  light  symbol  to  indicated  when  the  user  can  record  and  transmit.  The 
program  will  allow  for  up  to  one  minute  of  recorded  data.  When  the  user  has  finished 
recording  the  stop  button  is  pressed.  The  traffic  light  symbol  will  turn  red  and  the 
message  will  be  transmitted.  Once  the  traffic  light  turns  green  again,  the  other  user  may 
respond.  The  traffic  light  symbol  will  turn  red  when  the  user  is  recording  or  sending  her 
or  his  voice.  A  depiction  of  the  call  screen  is  presented  in  Figure  4.2. 


Figure  4.2  IVC  call  screen  [Ref.  1] 


E.  ENCRYPTION  ALGORITHM 

Using  the  IVC  source  code  it  is  possible  to  include  an  encrypting  function  within 
the  IVC  application.  Source  code  is  readily  available  for  all  three  of  the  cryptographic 
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algorithms  reviewed  in  this  paper.  Beeause  of  the  lack  of  cryptographic  security  provided 
by  the  LOKI  algorithm  it  should  not  be  considered  as  a  choice.  The  DES  and  IDEA 
algorithms  both  provide  proven  security. 

1.  DES 

Several  shareware  programs  exist  which  allow  for  the  implementation  of  the  DES. 
A  shareware  program  called  The  Private  Line  written  by  Everett  Enterprises  provides  a 
useful  means  for  testing  the  algorithm  [Ref  8].  The  DES  source  code  is  available  for 
academic  users.  The  program  conforms  to  and  demonstrates  all  171  of  the  tests  required 
by  NIST  for  a  full  DES  implementation  [Ref  8].  An  example  screen  of  one  of  the  tests 
required  by  NIST  is  depicted  in  Figure  4.3. 


DES  Compliance  Tests 
Test  153 

Test  Key:  7C,  A1,  10.  45,  4A,  1A.  6E,  57 
Test  Plain  Key:  01,  A1.  D6,  DO,  39,  77.  67,  42 
Required  Encoded  Sequence:  69,  OF,  5B,  OD.  9A,  26,  93,  9B 

Generated  Encoded  Sequence:  69,  OF,  5B,  OD,  9A,  26,  93,  9B 

*  *  *  match  confirmed  *  *  * 


Figure  4.3  NIST  test  153  of  the  DES  [Ref.  8] 

As  an  example  of  the  actual  enciyption,  a  sample  file  consisting  of  the  letters 
"abcdef,  61  62  63  64  65  66  OD  OA  in  hexadecimal  format,  was  encrypted  using  the  DES 
code.  The  encrypted  file  in  hexadecimal  is  86  6C  E4  A2  F2  35  02  36. 

2.  IDEA 

Several  shareware  programs  exist  which  allow  for  the  implementation  of  IDEA.  A 
shareware  program  called  MASK  written  by  Eugenio  Ciruana  and  Dominick  Pallone, 
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provides  a  useful  means  for  testing  the  algorithm  [Ref  17].  The  IDEA  and  MASK  source 
codes  are  available  for  academic  and  non-commercial  use.  The  IDEA  algorithm  operates 
on  16-bit  blocks  and  is  very  efficient  in  software  implementations  even  on  16-bit 
processors  [Ref  19].  As  an  example  of  the  actual  encryption,  an  sample  file  consisting  of 
the  letters  "abcdef,  61  62  63  64  65  66  OD  OA  in  hexadecimal  format,  was  encrypted 
using  the  IDEA  code.  The  encrypted  file  in  hexadecimal  is  65  A8  3 A  5C  37  Cl  CC  40  20 
70  08  00  00  00  08  00  00  00  7A  53  7A  17  86  84  93  59  00  20  51  CO  00  88. 

3.  Experimental  results 

Several  experiments  were  performed  using  the  Mask  product  and  the  Private  Line 
product  as  a  means  of  comparing  the  speed  and  efficiency  of  the  DES  and  IDEA 
algorithms.  In  all  of  the  experiments,  "wall  time"  was  used  in  order  to  measure  the  speed. 
The  programs  were  run  on  a  386/33mHz  IBM  compatible  PC. 

The  first  set  of  experiments  were  designed  to  determine  if  there  was  any  "overhead" 
or  excess  data  in  the  encrypted  text  associated  with  either  of  the  algorithms.  Small  test 
files  from  32  bits  up  to  128  bits  were  used  to  test  for  "overhead."  Both  algorithms  were 
run  in  the  CBC  mode.  The  results  of  the  these  tests  are  displayed  in  Table  4. 1 . 


Algorithm 

Plaintext 

Ciphertext 

DES 

4  Bytes 

N/A 

DES 

8  Bytes 

8  Bytes 

DES 

12  Bytes 

12  Bytes 

DES 

16  Bytes 

16  Bytes 

IDEA 

4  Bytes 

26  Bytes 

IDEA 

8  Bytes 

26  Bytes 

IDEA 

12  Bytes 

34  Bytes 

IDEA 

16  Bytes 

34  Bytes 

Table  4.1  Plaintext  file  size  versus  encrypted  file  size 
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The  Private  Line  DES  implementation  will  not  encrypt  a  file  smaller  than  64  bits  in 
size  unless  the  padding  option  is  implemented.  There  are  two  ways  to  deal  with  plaintext 
that  does  not  match  the  64-bit  block  size.  The  easiest  way  to  match  the  block  size  is  to 
"pad"  the  input.  Padding  adds  data  to  make  the  input  block  equal  a  64-bit  block  size.  The 
other  option  is  to  encrypt  the  last  short  block  size  differently  then  the  rest  of  the  blocks. 
This  is  more  a  complicated  option  and  can  make  the  algorithm  much  less  efficient  [Ref 
19].  The  MASK  IDEA  implementation  will  encrypt  and  decrypt  files  smaller  than  64  bits. 
The  MASK  program  adds  a  marker  to  the  ciphertext  to  identify  the  key  used  to  encrypt. 
The  18-byte  marker  serves  to  prevent  a  file  from  being  encrypted  again  by  a  different 
user.  The  results  of  the  encryption  show  that  both  algorithms  encrypt  without  adding 
significant  overhead.  The  extra  file  length  in  the  IDEA  algorithm  is  due  to  the  marker  and 
"padding:" 

Several  audio  files  of  differing  sizes  and  time  lengths  were  recorded,  encrypted,  and 
decrypted  to  test  the  speed  of  the  algorithms.  The  files  were  recorded  using  a  Sound 
Blaster™  Multi-CD  16  sound  card.  The  soimd  card  was  set  with  8-bit  Mono,  ll,025Hz 
sampling,  PCM  {Microsoft's  uncompressed  format)  settings.  These  are  the  same  settings 
the  IVC  product  uses  for  its  file  recordings.  Audio  file  samples  of  1  second,  10  seconds, 
20  seconds,  30  seconds,  and  1  minute  were  taken.  The  results  of  the  encryption  time  tests 
are  displayed  in  Figure  4.4.  The  results  of  the  decryption  time  tests  are  displayed  in 
Figure  4.5.  DES  is  a  slightly  faster  algorithm  for  encrypting  the  files.  At  the  1  minute  file 
size,  the  maximum  file  length  for  the  IVC  product,  DES  is  slightly  more  than  7  seconds 
faster  than  the  IDEA  algorithm.  Both  algorithms  follow  a  relatively  steady  curve  as  the 
file  size  increases. 

The  decryption  times  are  only  slightly  different  than  the  encryption  time.  Allowing 
for  timing  error,  the  times  are  virtually  the  same.  All  of  the  files  were  tested  for  their 
ability  to  give  a  playback  after  decryption.  All  of  the  files  played  successfully. 
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The  algorithms  are  very  similar  in  speed  and  in  the  level  of  complexity  for 
implementation.  The  greatest  difference  between  the  two  algorithms  is  the  level  of 
security.  IDEA  is  considered  to  be  a  much  better  algorithm  than  the  DES  [Ref  19].  The 
IDEA  algorithm  should  be  used  in  the  encrypted  voice  network  implementation  because 
of  its  security  advantage. 
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F.  SUMMARY 


This  chapter  has  provided  a  proposal  for  implementing  encrypted  voice  in  a  PC 
network.  The  chapter  began  by  presenting  some  of  the  key  factors  which  must  be 
considered  in  an  encrypted  voice  network  implementation.  The  results  of  experiments 
done  with  the  DES  and  IDEA  encryption  algorithms  were  presented  to  compare  the 
capabilities  of  the  two  algorithms. 

A  detailed  presentation  of  the  Internet  Voice  Chat  software  program  was  presented 
as  a  possible  solution  to  one  of  the  problems  faced  in  implementing  encrypted  network 
voice.  Additional  recommendations,  and  justifications  were  made  to  assist  follow  on 
research  in  a  future  implementation. 
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V.  CONCLUSIONS 


A.  OVERVIEW 

Protecting  the  information  on  expanding  computer  networks  is  of  vital  concern  to 
DoD.  As  DoD  and  DoN  move  to  expand  the  use  of  the  available  bandwidth  and  put  more 
and  more  applications  onto  networks,  security  will  become  a  continually  growing 
problem.  The  Computer  Security  Act  of  1987  mandates  that  all  government  agencies 
protect  sensitive  information  which  is  subject  to  the  Privacy  Act  if  it  is  stored  or 
transmitted  on  a  computer  [Ref  23], 

The  implementation  of  voice  into  the  networking  arena  brings  even  more  challenges 
in  security.  The  level  of  security  in  these  networks  must  be  of  utmost  concern. 
Encryption  is  just  one  possible  means  of  protecting  the  information  on  computers  and 
computer  networks.  Numerous  encryption  algorithms  have  been  developed  with  varying 
levels  of  security.  In  selecting  an  algorithm,  level  of  security  and  ease  of  implementation 
should  be  of  prime  importance. 

B.  REVIEW  OF  RESEARCH  QUESTIONS 

1.  Primary  Research  Question 

What  are  the  capabilities,  effectiveness,  and  limitations  of  LOKI,  Data  Encryption 
Standard  (DES)  and  International  Data  Encryption  Algorithm  (IDEA)  cryptosystems?  All 
three  of  the  algorithms  have  relative  strengths  and  weaknesses  which  set  them  apart  from 
each  other.  The  LOKI  algorithm  has  several  weakness  involving  the  security  of  the 
algorithm  whch  make  it  unsuitable  for  use.  DES  and  IDEA  both  have  ease  of 
implementation  and  strong  levels  of  security  in  their  favor.  Key  length  is  a  primary  factor 
in  the  security  of  these  cryptosystems.  The  IDEA  algorithm  uses  a  128-bit  key  as  opposed 
to  the  56-bit  key  length  for  the  DES.  The  longer  key  length  provides  for  greater  security. 
Both  algorithms  are  relatively  easy  to  implement  in  the  PC  environment. 
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2.  Secondary  Research  Question  1 

What  are  the  major  areas  of  concern  vsath  encryption  in  network  configuration? 
One  of  the  first  issues  to  be  addressed  in  encrypted  network  configuration  is  the  type  of 
architecture  to  use  in  the  network.  The  two  major  types  of  computer  network  architecture 
are  TCP\IP  and  OSI.  The  TCPMP  architecture  suite  is  the  most  commonly  implemented 
architecture  and  is  supported  by  all  of  the  software  products  mentioned  in  this  thesis.  The 
OSI  model  is  a  standard  model  however  it  is  not  as  widely  implemented  as  TCPMP.  The 
other  key  factor  to  consider  is  whether  to  use  link  or  end-to-end  encryption.  Both 
methods  have  their  own  advantages  and  disadvantages  however  end-to-end  encryption 
provides  the  most  reasonable  solution  for  this  thesis.  End-to-end  reduces  the  key 
management  burden  and  allows  an  easier  software  solution  than  does  link  encryption. 

3.  Secondary  Research  Question  2 

What  are  the  possibilities  for  implementing  an  encrypted  PC  voice  network  in  a 
Naval  Postgraduate  School?  While  this  thesis  does  not  directly  address  an 
implementation  scheme,  several  recommendations  were  made  which  will  aid  in  the 
implementation  of  an  encrypted  voice  PC  network  at  the  Naval  Postgraduate  School.  The 
source  code  for  the  IVC  product  was  not  obtained  in  time  to  integrate  the  encryption 
source  code  into  it.  The  level  of  programming  required  for  such  an  integration  was  also 
beyond  the  scope  of  this  thesis. 

Implementing  an  encrypted  voice  network  is  certainly  possible.  Several  products 
were  mentioned  which  would  enable  such  an  implementation.  Future  research  should  be 
focused  toward  the  programming  aspect  of  the  implementation.  Strong  knowledge  of  the 
C-i-+  programming  language  is  essential  for  future  work.  Future  research  should  also 
extend  beyond  the  confines  of  the  PC  network.  The  ideas  presented  here  are  certainly 
portable  to  other  platforms  and  networks,  such  as  Apple™  and  UNIX. 
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APPENDIX:  GLOSSARY  OF  TERMS 


Computer  Security  Act  of  1987:  Under  the  Computer  Security  Act  the  National 
Institute  of  Standards  and  Technology  (NIST)  was  given  responsibility  for  improving 
computer  security  in  civilian  government  agencies.  This  responsibility  was  taken  away 
from  the  National  Security  Agency  (NSA).  Under  the  new  law,  NIST  must  create 
security  standards,  design  security  measures,  and  develop  training  programs  for  computer 
security  [Ref  18]. 

Confusion:  Obscures  the  relationship  between  the  ciphertext  and  the  plaintext  Ref  [19]. 

Connectionless:  A  service  in  which  data  are  transmitted  from  one  entity  to  another 
without  the  prior  mutual  construction  of  a  connection  (e.g.,  datagrams)  [Ref  21]. 

Cryptanalysis:  The  science  of  recovering  a  plaintext  message  from  the  ciphertext 
without  the  key  [Ref  19]. 

Datagram:  A  self-contained  packet  that  carries  information  sufficient  for  routing  from 
the  originating  data  terminal  equipment  [Ref  21]. 

Differential  Cryptanalysis:  A  cryptoanal54ic  tool  which  looks  at  pairs  of  plaintexts  and 
determines  the  probabilities  of  reappearing  in  the  resulting  ciphertext  to  determine  the 
most  likely  key. 

Diffusion:  Dissipates  the  redundancy  of  the  plaintext  by  spreading  it  out  over  the 
ciphetext. 

High-Level  Data  Link  Control  (HDLC):  A  very  common  bit-oriented  data  link 
protocol  (OSI  layer  2)  issued  by  ISO.  Similar  protocols  are  ADCCP,  LAP-B,  and  SDLC 
[Ref21]. 

International  Organization  for  Standardization:  An  international  agency  for  the 
development  of  standards  on  a  wide  range  of  subjects.  It  is  a  voluntary,  nontreaty 
organization  whose  members  are  designated  standards  bodies  of  participating  nations  [Ref 
21]. 

Internetworking:  Communication  among  devices  across  multiple  networks  [Ref  21]. 

National  Institute  of  Standards  and  Technology  (NIST):  Part  of  the  Department  of 
Commerce,  it  issues  Federal  Information  Processing  Standards  (FIPS)  for  equipment  sold 
to  the  federal  government. 

National  Security  Agency  (NSA):  NSA  has  the  authority  to  develop  a  national  policy 
on  communications  and  computer  security  which  extends  to  the  private  sector  in  cases 
where  the  implementation  of  security  would  affect  the  national  interests  [Ref  18]. 
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Network:  Communication  among  a  variety  of  data  communicating  devices  within  a  small 
area  [Ref  21]. 

Packet:  Data  or  a  portion  of  data  which  also  contains  control  information  (packet 
header)  that  gives  the  destination  [Ref  21] 

Router:  Routes  packets  between  potentially  different  networks  [Ref  21], 

Shareware:  Software  which  allows  a  potential  user  to  try  out  a  package  before  buying  it. 
The  authors  encourage  free  sharing  of  the  software  [Ref  18  ] 

Stovepipe  System:  A  system  developed  without  regard  to  generally  accepted  standards 
for  use  by  a  single  department  or  agency. 

Traffic  Analysis:  A  tool  used  to  determine  the  location  and  identity  of  communicating 
hosts.  It  is  also  used  to  observe  the  frequency  and  length  of  messages  being  exchanged 
[Ref  22]. 

Wall  Time:  A  timing  method  for  a  process,  function  or  software  which  relies  on  a 
standard  clock  rather  than  an  internal  timing  mechanism. 
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